0 Replies Latest reply: May 16, 2012 5:36 PM by H G RSS

CID paramerter and authentication issue

H G Newbie

Hi,

 

First of all I'm using Seam 2.2.2 in WAR project. I have Register component that is used from the view to login or register users. After the user is registered a email is sended with link for confirmation. When the user access the link, his account is activated and can login. This few functionality are working well, but in one specific case there is a little problem. When I introduce the next link into the browser url field --> http://localhost/mywarproject the Url automatically change to http://localhost/mywarproject/login.seam?cid=1. That's very important and I think the root of the problem. Now I proceed and register a new account, there appears a notification, the account is created and email is sended  for confirmation. Now I open another tab in the browser to access me email account and after that I activate the account accessing the link. The link opens the login.seam whit some get parameters appended to the url  and in the Register component, in @Create method the account is activated updating a field. Now if I close the tab and introduce the my password in the first tab, the application is notificating that the account is not activated (in this moment in the database the account is activated). This is the piece of code that is not returning the real value from the database:

 

Authenticator component:

 

@In(value = "currentAccount", required = false)

@Out(value = "currentAccount", required = false, scope=ScopeType.SESSION)

private AccountExternal currentAccount;

@In private EntityManager entityManager;

  .

  .

  .

-


 

if(credentials.getUsername().length() > 0 && credentials.getPassword().length() > 0) {

                currentAccount = (AccountExternal)entityManager.createQuery("from AccountExternal a where a.login =:login and a.password =:password")

                .setParameter("login", credentials.getUsername())

                .setParameter("password", credentials.getPassword())

                .getSingleResult();

               

                if(currentAccount != null) {

                    if(currentAccount.isIsActive()) {

                         .

                         .

                         .

                 }

  

 

 

 

The currentAccount.isIsActive() is evaluated to false where the field in the database is true. If I remove the cid in the Url then all is working good. Probably if the cid parameter is used,  there is a session propagation and this affect the entityManager  (@In). How can I obtain the current value of the database when is used the cid parameter?

 

This is  the code that activate the account in the @Create method in Register component:

 

 

@Out(required = false, scope=ScopeType.SESSION)

private AccountExternal currentAccount;

 

.

.

.

-


currentAccount = entityManager.find(AccountExternal.class, personId);

     if(currentAccount != null) {

          currentAccount.setIsActive(true);

          entityManager.flush();

 

 

In components.xml

 

 

<persistence:managed-persistence-context name="entityManager" auto-create="true"

                               entity-manager-factory="#"

                           persistence-unit-jndi-name="java:/xxxxxxx"/>